sakula | 0f9a82bd99cf08ec695e5994cee1654dcd5a910f438e9d8efa03043a1a87f65e | Triage

Submit
Reports

Overview

overview

Static

static

0f9a82bd99...5e.exe

windows7_x64

0f9a82bd99...5e.exe

windows10-2004_x64

Sharing

General

Target

0f9a82bd99cf08ec695e5994cee1654dcd5a910f438e9d8efa03043a1a87f65e
Size

99KB
Sample

220212-hb7aeaafgn
MD5

121e7f85c6dc9e161b9d9338fbad2bd6
SHA1

4e9de100a4df156fb8feb8e7d43b379e849e2d32
SHA256

0f9a82bd99cf08ec695e5994cee1654dcd5a910f438e9d8efa03043a1a87f65e
SHA512

9c6289e561a0ca4815d966c3003d38ef6c28cb330d5d38c5717f19326a0a4aa3745d1d68c17477030e5c363c3bc632bf431d32cde1747556026a91881025621b

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0f9a82bd99cf08ec695e5994cee1654dcd5a910f438e9d8efa03043a1a87f65e.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0f9a82bd99cf08ec695e5994cee1654dcd5a910f438e9d8efa03043a1a87f65e.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0f9a82bd99cf08ec695e5994cee1654dcd5a910f438e9d8efa03043a1a87f65e
- Size
  
  99KB
- MD5
  
  121e7f85c6dc9e161b9d9338fbad2bd6
- SHA1
  
  4e9de100a4df156fb8feb8e7d43b379e849e2d32
- SHA256
  
  0f9a82bd99cf08ec695e5994cee1654dcd5a910f438e9d8efa03043a1a87f65e
- SHA512
  
  9c6289e561a0ca4815d966c3003d38ef6c28cb330d5d38c5717f19326a0a4aa3745d1d68c17477030e5c363c3bc632bf431d32cde1747556026a91881025621b
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy